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REMARKS 

This amendment is responsive to the Office Action dated August 26, 2005. Applicants 
have amended claims 1 § 4, 8, 9, 30, 35, 38-40, 43, 51, 53, 55 and 56. Claims 18-26, 31-34 and 
47-50 were withdrawn previously. Claims 1-17, 27-30, 35-46 and 51-56 remain pending. 

Claim Refection Under 35 U.S.C. § 112 

In the Office Action, the Examiner rejected claims 4, 8, 9, 30, 38-40, 43, 51, 55, and 56 
under 35 U.S.C 1 1 2, second paragraph, as being indefinite for failing to particularly point out 
and distinctly claim the subject matter which applicant regards as the invention. Applicants have 
amended claims 4, 8, 9, 30, 38-40, 43, 51, 55 and 56 for purposes of clarification. Applicants 
submit that claims 4, 8, 9, 30, 38-40, 43, 51, 55 and 56, as amended, particularly point out and 
distinctly claim the subject matter, as required by 35 U,S«C 112, second paragraph. Applicants 
request withdrawal of the rejections. 

Claim Rejection Under 35 U.S.C. S 102 

In the Office Action, the Examiner rejected claims I, 3, 4, 6, 27, 30, 35, 37-39, 41, 42 and 
53 under 35 U.S.C 102(e) as being anticipated by Genty et al. (US 6,473,863). Applicants 
respectfully traverse the rejections to the extent such rejections may be considered applicable to 
the amended claims. Genty et al. (Genty) fails to disclose each and every feature of the claimed 
invention, as required by 35 U.S.C 102(e), and provides no teaching that would have suggested 
the desirability of modification to include such features. 

For example, Genty fails to teach or suggest establishing a packet tunnel, detecting a 
network attack, and establishing a new packet tunnel upon detecting the network attack, wherein 
the new packet tunnel comprises two or more concatenated packet tunnels, as recited by 
Applicants' amended independent claims 1, 35 and 53. On the contrary, Genty describes an end- 
to-end virtual private network (VPN) tunnel established between two nodes of a network system. 
The nodes of the VPN exchange secondary VPN configuration information, e.g., secondary IP 
addresses of the nodes. In the event that either node of the VPN tunnel detects snooping or other 
possible security breaches along the VPN tunnel, the detecting node sends a predetermined 
change code to the other node. Gentry teaches that the change code designates the previously- 
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exchanged secondary VPN configuration information to be used. Using the secondary VPN 
configuration information, the nodes negotiate a secondary end-to-end VPN tunnel. 

Applicants teach a packet tunnel slitting technique that facilitates reconfiguration of 
packet flow labels without limiting the address space diversity available for performing this 
reconfiguration. Applicants describe splitting an end-to-end packet tunnel into two or more 
concatenated packet tunnels when a network attack is detected. More specifically, upon 
detecting a network attack, one of a source device or a destination device of an end-to-end packet 
tunnel selects a pre-configured intermediate device as the tunnel concatenation point for the new 
packet flows between the source device and the destination device. 

Genty does not describe establishing a new packet tunnel that comprises two or more 
concatenated packet tunnels. Genty merely describes establishing a secondary end-to-end VPN 
tunnel using the same nodes as the original VPN tunnel Genty makes no suggestion of selecting 
an intermediate device upon detecting a network attack. Furthermore, Genty Mis to discuss 
establishing a new VPN tunnel that includes a first VPN tunnel terminated at the selected 
intermediate device and a second VPN tunnel originated at the selected intermediate device. 

In regard to Applicants' independent claim 27, Genty fails to teach or suggest establishing 
a virtual private network service including a packet tunnel, detecting a network attack, and 
establishing a new virtual private network service upon detecting the network attack, wherein the 
new virtual private network service comprises two or more concatenated packet tunnels. 

In the Office Action, the Examiner foiled to even consider the limitation wherein the new 
virtual private network service comprises two or more concatenated packet tunnels, as recited by 
Applicants' claim 27. Instead, the Examiner asserted that Genty teaches establishing a secondary 
tunnel upon detecting a network attack. As described above, Genty does not describe 
establishing a new packet tunnel that comprises two or more concatenated packet tunnels. Genty 
merely describes establishing a secondary end-to-end 'VPN tunnel using the same nodes as the 
original VPN tunnel. Genty makes no suggestion of selecting an intermediate device upon 
detecting a network attack. Furthermore, Genty fails to discuss establishing a new VPN tunnel 
that includes a first VPN tunnel terminated at the selected intermediate device and a second VPN 
tunnel originated at the selected intermediate device. 
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Applicants' independent claims 1> 27, 35 and 53 are in condition for allowance. For at 
least these reasons, Applicants' dependent claims 3, 4, 6, 30, 37-39, 41 and 42 are also in 
condition for allowance. In order to support an anticipation rejection under 35 U.S-C 1 02(e), it 
is well established that a prior art reference must disclose each and every element of a claim. 
This well known rule of law is commonly referred to as the "all-elements rule." 1 If a prior art 
reference fails to disclose any element of a claim, then rqection under 35 U.S.C 1 02(e) is 
improper. 2 

Genty fails to disclose each and every limitation set forth in claims 1, 3, 4, 6, 27, 30, 35, 
37-39, 41 , 42 and 53. For at least these reasons, the Examiner has foiled to establish a prima 
facie case for anticipation of Applicants 7 claims 1, 3, 4, 6, 27, 30, 35, 37-39, 41, 42 and 53 under 
35 U,S«C 102(e), Withdrawal of these rejections is requested. 

Claim Rejection Under 35 U.S.C. § 103 
Genty et al and Maeshima et al 

In the Office Action, the Examiner rejected claims 5, 7-1 1, 14, 15, 28, 40, 43, 44, 51 , 52 
and 54-56 under 35 U.S.C 103(a) as being unpatentable over Genty in view of Maeshima et al. 
(US 6,092, 1 13). Applicants respectfully traverse the rejections. The applied references fail to 
disclose or suggest the inventions defined by Applicants' claims, and provide no teaching that 
would have suggested the desirability of modification to arrive at the claimed invention. 

For example, Genty and Maeshima et al. (Maeshima) fail to teach or suggest reserving an 
amount of bandwidth for the packet tunnel, canceling the reserved bandwidth upon detecting the 
network attack, and reserving an amount of bandwidth for the new packet tunnel, as recited by 
claims 5, 40 and 54. The Examiner correctly acknowledged that Gentry fails to teach reserving 
an amount of bandwidth for a packet tunnel and a replacement tunnel- However, the Examiner 
asserted that Maeshima describes reserving bandwidth for every IP tunnel on the network. The 



1 SeeHybriteck Inc. v. Monoclonal Antibodies, Inc., 802 F.2d 1367, 231 USPQ 81 (CAFC 1986) C'it is axiomatic 
that for prior art to anticipate under 102 it has to meet every element of the claimed invention"). 

2 Id. Sec also Lewmar Marine, Inc. v. BarienU Inc. 827 F.2d 744, 3 USPQ2d 1766 (CAFC 1987); In re Bond, 910 
F.2d 831, 15 USPQ2d 1566 (CAFC 1990); CR. Bard, Inc. v. MP Systems, Inc., 157 F.3d 1340, 48 USPQ2d 1225 
(CAFC 1998); Qney v. Ratliff, 182 F-3d 893, 51 USPQ2d 1697 (CAFC 1999); Apple Computer, Inc. v. Articulate 
Systems, Inc., 234 F.3d 14, 57 USPQ2d 1057 (CAFC 2000). 
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Examiner stated that Genty and Maeshima are analogous art because both references are related 
to virtual private network setup, 

Genty fails to even mention reserving bandwidth for the VPN tunnel Maeshima fails to 
even mention network attack avoidance. For example, Maeshima fails to suggest canceling the 
reserved bandwidth for a packet tunnel upon detecting a network attack or reserving the 
bandwidth for a new packet tunnel established after the network attack is detected. Clearly, the 
cited references, either singularly or in combination, provide no motivation to one of ordinary 
skill in the art to modify the VPN attack avoidance method of Genty with the VPN assured 
bandwidth construction method of Maeshima. Instead, the conclusion of obviousness advanced 
by the Examiner relies on a motivation plucked directly from Applicants' own disclosure, rather 
than the prior art. The Examiner foiled to provide any reason why one of ordinary skill in the art, 
would have considered it desirable to reserve bandwidth, as described by Maeshima, within the 
VPN attack avoidance method described by Genty. In a similar manner, Gentry and Maeshima, 
either singularly or in combination, fail to teach or suggest the features of Applicants' dependent 
claims 7, 14, 15 and 55. 

In regard to Applicants' dependent claims 8, 28 and 56, Genty and Maeshima do not 
describe establishing the new packet tunnel by selecting an intermediate network device, 
establishing a first packet tunnel that terminates on the intermediate network device; and 
establishing a second packet tunnel that originates from the intermediate network device* The 
Examiner correctly acknowledged that Genty fails to teach selecting an intermediate device and 
establishing tunnels with the intermediate device. However, the Examiner asserted that 
Maeshima describes an IP tunnel with intermediate routers between the source and destination 
devices. The Examiner stated that Genty and Maeshima are analogous art because both 
references are related to virtual private network setup. 

As described above, Applicants' teach a packet tunnel splitting technique that facilitates 
reconfiguration of packet flow labels without limiting the address space diversity available for 
performing this reconfiguration. Applicants describe splitting an end-to-end packet tunnel into 
two or more concatenated packet tunnels when a network attack is detected. More specifically, 
upon detecting a network attack, one of a source device or a destination device of an end-to-end 
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packet tunnel selects a pre-configured intermediate device as the tunnel concatenation point for 
packet flows between the source device and the destination device. 

Applicants respectfully submit that the Examiner has misinterpreted the scope of the 
Maeshima reference. Maeshima merely describes establishing an end-to-end packet tunnel 
between a source device and a destination device that includes one or more intermediate devices. 
Maeshhxi a fails to suggest one of the source and destination devices selecting an intermediate 
device and establishing a new packet tunnel including a first packet runnel that terminates on the 
selected intermediate device and a second packet tunnel that originates from the selected 
intermediate device. In fact, Maeshima does not even discuss the operation of the intermediate 
routers included in the end-to-end packet tunnel. To the extent intermediate routers are used, 
they merely route packets along the single, end-to-end tunnel. They do not operate as 
termination points or origination points for concatenated tunnels. 

One of ordinary skill in the art certainly would not have looked to the Maeshima 
reference to modify the VPN attack avoidance method of Genty to include a packet tunnel 
splitting technique. Neither Genty nor Maeshima suggest establishing a new packet tunnel using 
an intermediate to device that terminates a first packet tunnel and originates a second packet 
tunnel. Clearly, even if the referenced were combined it would not result in Applicants* 
invention as claimed. In a similar manner, Gentry and Maeshima, either singularly or in 
combination, fail to teach or suggest the features of Applicants' dependent claims 9-1 1, 43 and 
44. 

In regard to Applicants* independent claim 51, Genty and Maeshima fail to teach or 
suggest a source network device that originates a first packet tunnel, an intermediate network 
device that terminates the first packet tunnel and originates a second packet tunnel, and a 
destination network device that terminates the second packet tunnel, wherein the intermediate 
network device de-encapsulates packets received from the first packet tunnel and re-encapsulates 
the packets for communication to the destination network device via the second packet tunnel 

The Examiner stated that Maeshima teaches a source device originating a tunnel and an 
intermediate device between a first and second tunnel. The Examiner correctly acknowledged 
that Maeshima fails to teach the intermediate device de-encapsulating and re-encapsulating the 
packet for transmission. However, the Examiner asserted that Genty describes encapsulating a 
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packet for transmission through a tunnel The Examiner stated that Genty and Maeshima are 
analogous art because both references are related to virtual private network setup. 

On the contrary, Maeshima merely describes establishing an end-to-end packet tunnel 
between a source device and a destination device that includes one or more intermediate devices. 
Maeshima fails to suggest an intermediate device terminating a first packet tunnel from a source 
device and originating a second packet tunnel to a destination device. In fact, Maeshima does not 
even discuss the operation of the intermediate routers included in the end-to-end packet tunnel. 
Furthermore, Genty fails to even mention intermediate device within a packet tunnel, let alone an 
intermediate device terminating a first packet tunnel and originating a second packet tunnel. 
Contrary to the Examiner's assertion, Gentry certainly fails to teach de-encapsulating and re- 
encapsulating packets at an intermediate device that is a concatenation point between a first 
packet tunnel and a second packet tunnel. 

As described above, the cited references provide no moti vati on to one of ordinary skill in 
the art to combine the teachings of the Gentry reference with the teachings of the Maeshima 
reference- Furthermore, neither of the cited references teaches an intermediate device that 
terminates a first packet tunnel and originates a second packet tunnel such that packets ate de- 
encapsulated from the first packet tunnel and re-encapsulated on the second packet tunnel. 
Therefore, even if the teachings of the cited references were combined it still would not result in 
Applicants' claimed invention. In a similar manner, Gentry and Maeshima, either singularly or 
in combination, fail to teach or suggest the features of Applicants' dependent claim 52. 

Moreover, as described above, Genty does not teach or suggest establishing a new packet 
tunnel that comprises two or more concatenated packet tunnels, as recited by Applicants' 
independent claims 1, 27, 35 and 53. Maeshima et al. (Maeshima) fails to provide any teaching 
capable of overcoming the deficiencies of Genty. 

Genty et al and Shawcross 

In the Office Action, the Examiner rejected claims 16, 17 and 29 under 35 U.S.C. 103(a) 
as being unpatentable over Genty in view of Shawcross (US 6,880,090). Applicants respectfully 
traverse the rejections. The applied references fail to disclose or suggest the inventions defined 
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by Applicants* claims* and provide no teaching that would have suggested the desirability of 
modification to arrive at the claimed invention. 

As described above, Genty does not teach or suggest estabHshing a new packet tunnel that 
comprises two or more concatenated packet tunnels, as recited by Applicants* independent 
claims 1 and 27. Shawcross fells to provide any teaching capable of overcoming the deficiencies 
of Genty. 

Genty et aL and Adams et aL 

In the Office Action, the Examiner rejected claims 2 and 36 under 35 U.S.C. 103(a) as 
being unpatentable over Genty in view of Adams et aL (US PGPUB 2003/0016679). Applicants 
respectfully traverse the rejections. The applied references fail to disclose or suggest the 
inventions defined by Applicants' claims, and provide no teaching that would have suggested the 
desirability of modification to arrive at the claimed invention. 

As described above, Genty does not teach or suggest establishing a new packet tunnel that 
comprises two or more concatenated packet tunnels, as recited by Applicants* independent 
claims 1 and 35. Adams et al. (Adams) fails to provide any teaching capable of overcoming the 
deficiencies of Genty. 

Genty et aL, Maeshima et at, and Jorgensen 

In the Office Action, the Examiner rejected claims 12, 13, 45 and 46 under 35 U.S.C. 
103(a) as being unpatentable over Genty in view of Maeshima and further in view of Jorgensen 
(US PGPUB 2002/0099854). Applicants respectfully traverse the rejection. The applied 
references fail to disclose or suggest the inventions defined by Applicants* claims, and provide 
no teaching that would have suggested the desirability of modification to anive at the claimed 
invention. 

As described above, Genty does not teach or suggest establishing a new packet tunnel that 
comprises two or more concatenated packet tunnels, as recited by Applicants' independent 
claims 1 and 35, Furthermore, Gentry and Maeshima, either singularly or in combination, fail to 
teach or suggest selecting an intermediate network device, establishing a first packet tunnel that 
terminates on the intennediate network device, and establishing a second packet tunnel that 
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originates from the intermediate network device, as recited by Applicants' claim 8, from which 
claims 12 and 13 depend, and Applicants' claim 43, from which claims 45 and 46 depend. 
Jorgcnsen fails to provide any teaching capable of overcoming the deficiencies of Genty as 
modified by Maeshiraa, 

For at least these reasons, the Examiner has failed to establish a prima facie case for non- 
patentability of Applicant's claims 2, 5, 7-17, 28, 29, 36, 40, 43-46, 51, 52 and 54-56 under 35 
U.S.C. 103(a). Withdrawal of this rejection is requested. 



All claims in this application are in condition for allowance. Applicant respectfully 
requests reconsideration and prompt allowance of all pending claims* Please charge any 
additional fees or credit any overpayment to deposit account number 50-1778. The Examiner is 
invited to telephone the below-signed attorney to discuss this application. 



CONCLUSION 



Date: 



By: 



SHUMAKER & SIEFFERT, PA. 
8425 Seasons Parkway, Suite 105 





Reg. No.: 41,312 



St. Paul, Minnesota 55125 
Telephone: 651.735.1100 
Facsimile: 651.735.1102 



-20- 
PAGE 22/22 * RCVDAT 11/28/2005 5:06:24 PM [Eastern Standard Time] * SVR:USPTO-EFXRF-6/31 * DNIS:2738300 * CSID:6517351 102 * DURATION (mm-ss):0544 



